Rantburg

2021-11-19 Syria-Lebanon-Iran
Amid ongoing cyberwar, Iran uses new tactic: Doxing Israeli foes
[IsraelTimes] In tacit threat, Tehran releases the name, photo and address of an Israeli cyber security expert who specializes in Iranian hacking efforts.

Iran
...The nation is noted for spontaneously taking over other countries' embassies, maintaining whorehouses run by clergymen, involvement in international drug trafficking, and financing sock puppet militias to extend the regime's influence...
on Wednesday released the name, photograph, phone number and home address of an Israeli cyber security expert who specializes in Iranian hacking efforts — its latest gambit in an ongoing cyberwar.

The information was published by Fars News, an Iranian outlet operated by the Islamic Revolutionary Guard Corps.

The release of the information, or doxing, served as a tacit threat to both the cyber security specialist himself and to other Israelis who perform similar work.

In addition to his name, phone number and home address, Fars also published the cyber security expert’s birth date, email address, social media handles and a photograph of his apartment building. Most of the information appears to have been gleaned from his social media accounts and other open sources.

The Israeli man appeared to have been targeted by the IRGC because of his work in the Israel Defense Forces, in Military Intelligence’s cyber-focused Unit 8200; and in the civilian world, for a cyber security firm, Clear Sky, which has uncovered a number of hacking efforts by Iran.

Israel and Iran have for years been involved in a largely quiet cyberwar, which occasionally bubbles to the surface.

Last month, Iran accused Israel of being behind a cyberattack on the country’s gas stations, knocking them out of service for a week.

Days later, an Iranian-linked hacking group, Black Shadow, targeted an Israeli hosting company, temporarily shutting down a number of websites and stealing user data from "Atraf," an Israeli LGBT dating site.

Black Shadow also stole a vast trove of information from Israeli insurance company Shirbit last year and then sold it on the dark web when the firm refused to pay a ransom.

In 2010 the Stuxnet virus — believed to have been engineered by Israel and the US — infected Iran’s nuclear program, causing a series of breakdowns in centrifuges used to enrich uranium.

Iran disconnected much of its infrastructure from the internet after the Stuxnet virus.

Iran-backed hackers accused of targeting ’broad range of victims’ in US

[IsraelTimes] American cyber firm says Iran targeting Israel in espionage attacks; Microsoft reports 6 Iranian groups deploying ransomware in past year

Hackers linked to the Iranian government have been targeting a "broad range of victims" inside the United States, including by deploying ransomware, according to an advisory issued Wednesday by American, British and Australian officials.

The advisory says that in recent months, Iran has exploited computer vulnerabilities exposed by hackers before they can be fixed and targeted entities in the transportation, health care and public health sectors. The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion, according to the advisory. The group has used the same Microsoft Exchange vulnerability in Australia, officials say.

The warning is notable because even though ransomware attacks remain prevalent in the US, most of the significant ones in the past year have been attributed to Russia-based criminal hacker gangs rather than Iranian hackers.

Government officials aren’t the only ones noticing the Iranian activity: Tech giant Microsoft announced Tuesday that it had seen six different groups in Iran deploying ransomware since last year.

Microsoft said one of the groups spends significant time and energy trying to build rapport with its intended victims before targeting them with spear-phishing campaigns. The group uses fake conference invitations or interview requests and frequently masquerades as officials at think tanks in Washington, DC, as a cover, Microsoft said.

Once rapport is built and a malicious link is sent, the Iranians are extra pushy at trying to get their victims to click on it, said James Elliott, a member of the Microsoft Threat Intelligence Center.

"These guys are the biggest pain in the rear. Every two hours they’re sending an email," Elliott said at the Cyberwarcon cybersecurity conference Tuesday.

Earlier this year Facebook announced it had found Iranian hackers using "sophisticated fake online personas" to build trust with targets and get them to click on malicious links; the hackers often posed as recruiters of defense and aerospace companies.

Researchers at the American Crowdstrike cybersecurity firm said they and competitors began seeing this type of Iranian activity last year.

The Iranian ransomware attacks, unlike those sponsored by North Korea
...hereditary Communist monarchy distinguished by its truculence and periodic acts of violence. Distinguishing features include Songun (Army First) policy, which involves feeding the army before anyone but the Dear Leadership, and Juche, which is Kim Jong Il's personal interpretation of Marxism-Leninism, which he told everybody was brilliant. In 1950 the industrialized North invaded agrarian South Korea. Twenty-one countries of the United Nations eventually contributed to the UN force opposing the invasion, with the United States providing around 90% of the military personnel. Seventy years later the economic results are in and it doesn't look good for Juche...
’s government, are not designed to generate revenue so much as for espionage, to sow disinformation, to harass and embarrass foes — Israel, chief among them — and to essentially wear down their targets, Crowdstrike researchers said at the Cyberwarcon event.

"While these operations will use ransom notes and dedicated leak sites demanding hard cryptocurrency, we’re really not seeing any viable effort at actual currency generation," Crowdstrike global threat analysis director Kate Blankenship said.

Crowdstrike considers Iran to be the trendsetter in this novel "low form" of cyberattack, which typically involves paralyzing a network with ransomware, stealing information and then leaking it online. The researchers call the method "lock and leak." It is less visible, less costly and "provides more room for deniability," Blankenship said.
Posted by trailing wife 2021-11-19 00:00
 File under: Govt of Iran 

#1 I guess we'd better go to war with Iran, then.
Posted by Shomp Ebbeans2472 2021-11-19 07:01

#2 Hi Herb
Posted by Frank G 2021-11-19 07:40

#3 Come on, man! Couldn't we nuke them just a little bit? Howzabout a sub-launched cruise missile or two? We can blame the Juice. Everyone knows how they're all perfidious and stuff.
Posted by SteveS 2021-11-19 12:06
